If you need to set it to sufficient in order to be able to log-in, it means there is probably a configuration error. Check the settings, also check if the account used to connect to the OID isn't locked with an ldapbind.